Jenkins < 2.121 / < 2.107.3 (LTS) Multiple Vulnerabilities
Medium Nessus Plugin ID 125734
SynopsisThe remote web server hosts a job scheduling and management system that is affected by multiple vulnerabilities.
DescriptionThe remote web server hosts a version of Jenkins that is prior to 2.121, or a version of Jenkins LTS prior to 2.107.3. It is, therefore, affected by the following vulnerabilities :
- An information disclosure vulnerability exists in the AboutJenkins.java & ListPluginsCommand.java classes of Jenkins. An unauthenticated, remote attacker can exploit this to disclose installed plugins on the remote server (CVE-2018-1000192).
- A directory traversal vulnerability exists in the FilePath.java & SoloFilePathFilter.java classes of Jenkins. An unauthenticated, remote attacker can exploit this, by sending a URI that contains directory traversal characters, to disclose the contents of files located outside of the server's restricted path (CVE-2018-1000194).
- A server-side request forgery (SSRF) vulnerability exists in the ZipExtractionInstaller.java class of Jenkins. An attacker may exploit this to force Jenkins to send a HTTP get request to an arbitrary URL and glean what the response code was (CVE-2018-1000195).
SolutionUpgrade Jenkins to version 2.121 or later. For Jenkins LTS, upgrade to version 2.107.3 or later